What are the pros and cons of both in terms of security and privacy?
Usually PWA are more private. They’re limited by the browser itself and you can utilize inbuild adblockers etc. It’s like another layer before the system itself. And security depends on the browser, I’d say.
PWA (Web Apps) are much better for both security, and privacy. Let’s use a common service, as an example. Something like Discord.
If you install the Discord app, and not interacting with your communities, you’ll still be giving Discord so much data. They’ll be collecting device IDs, personal info (eg: name), location, contact info, and so on. They’ll be collecting this info by normal methods (that device/OS maintainers know about), and potentially via zero-day vulnerabilities (collecting more info than they’re declairing).
If you’re just using Discord through the browser, they’ll get a lot less data. They don’t have access to your data, device ID, or anything. They will know your browser, any info your browser leaks, and what you say/do on their service, but that’s it.
Now this COULD start to change soon. Apple (and I’m sure others, like Google) has been working on better PWA integration. Pretty soon they’ll have the ability to sent Push Notifications on iOS. More info HERE. In theory this could expose vulnerabilities, or leak more of your info. More info is needed, though I think it would still be better than a native app.