Web apps are better sandboxed since they benefit from the Vanadium/Chromium sandbox, but they're served arbitrarily by web servers.
Native apps mainly rely on the OS app sandbox (some parts can use a stricter sandbox called isolatedProcess), but can use more security features such as certificate pinning and the hardware-backed keystore. There are also W^X restrictions, as signed code is distributed through app repositories with signature enforcement for app updates.
It comes down to the app in question.