Motivations for enhanced client control include DRM (preventing the user from manipulating or accessing remote-provided content), enhanced multimedia experience, in some cases client-side security enhancements (ironically), vendor lock-in of some services, more interactive experiences for chat and desktop-like GUI forms, providing difficult-to-avoid ads, the implementation of user-tracking web beacons, and other reasons.
"Apps" have become ubiquitous, especially on "mobile platforms". These are applications which users agree to install on their computers, and which every site now wants users to download as part of a new fashion.
It is not far-fetched for "apps" to remind us of the dangerous "screensaver" trojans, which many Windows users frequently downloaded from random sites. Installing third-party "apps" is not much different.
Another interesting point is that various corporations have long fought to control the user experience by limiting and controlling what their computers can do, and by pushing DRM. While many desktops and laptops include hardware DRM-enforcing measures, these are usually turned off, and court orders that were won meanwhile permit users to expect that they can turn this feature off on off-the-shelf desktop and laptop hardware. This is, however, different with "mobile" devices. These usually ship with TPM or an equivalent enabled and with a cryptographically signed operating system installed, and the user has no "root" or administrator access, unless bugs can be exploited to obtain such access on our own devices. This also hinders control, such as installing a third-party, open source operating system of one's choice.
To finish this section, let's mention that those devices often track the user's position, and can even appear to be off when the camera or speaker might be actively recording and forwarding their streams to a spying party. GSM-enabled devices are also prey to mandatory silent/covert SMS messages, and cell providers must themselves implement mandatory "lawful interception" facilities on their networks. Last but not least, covert clandestine cell towers may be set up as espionage and interception relays not only by governments, but by any corporation or criminal organization.
A popular example of malpractice is Badoo. A user who installs its "app" allows it to steal the contact/address book. Badoo then spams every address, violating good IT practices as well as basic privacy; most of that user's friends now know that the user has recently joined Badoo. Those spam emails pretend that we received a message from that user, providing a URL to visit to read the message. That link redirects to the Badoo sign-in process, pretending that an account is necessary to access the message. Once signed in, the user finds they were deceived: there never was any such message in the first place, it was only spam; and if this user also installed their "app", their friends may also get caught in the same scam.
AJAX now mostly simulates an interactive terminal to a server (or cluster of servers), which is a kind of return to the old days of mainframes and terminals. However, this is achieved with tremendous bloat, including compatibility with every silly web standard, and is based on technology that is both inefficient and insecure.
The development of a new standard terminal, updated with all the necessary features for today, from scratch, could use interactive persistent connections and a declarative-only protocol that avoids execution of remote-provided code. Although based on suboptimal technologies itself, the BEEP protocol and XForms seemed like promising future technologies. Unfortunately, AJAX now dominates, with XForms only present in the server backend of some web applications, with an AJAX client frontend. Flash could have been a step in the right direction, had it been open source and auditable from the start, and designed properly, with efficiency and security in mind.
Instead of being embedded in existing web pages and run as a plugin in current browsers, the new technology should ideally run within its own separate application, such that it may discard every arcane kludge of the web, and avoid common pitfalls such as bloat, XSS vulnerabilities, inter-site local-storage and user tracking, etc. An application like online access to a bank could become more secure than with current browsers, the web and SSL/TLS alone.
Clustering, aggregating, etc., could be done server-side, or at the level of a middle proxy acting as the server side. But this is contrary to what vendors want: more client control. The resulting system would be lightweight enough that embedded devices, including "mobile" computers, could run it properly. This could then also replace the "apps". Web widgets, without the web. It could also encourage net neutrality.