My suggestion is framed in reference to the upcoming phone, but would be equally useful on the desktop (laptop).
It is possible to use Firefox/Iceweasel/Purebrowser profiles in order to segregate browsing, cookies, add-ons, etc. In order to simulate the “app” experience and maintain privacy I propose using browser profiles to load mobile web “apps” in their own browser instances.
For example, I use my bank’s app in Android. Their mobile website is equally useful and would be my only option on the Librem phone. I could simply create a desktop/homescreen shortcut, but that would open in the same browser instance I’m using for everything else. This would possibly result in privacy loss via third party trackers, expose me to XSS, session hijacking, etc. If my bank’s “web app” opened in it’s own browser instance I could easily get to it, allow that instance to save session cookies in order to stay logged in, save the password if I choose to, etc…In addition, instead of creating complicated proxy rules using foxyproxy a similar add-on, you can have different proxy settings for each profile, (e.x. use proxy for general browsing, but connect directly to your bank).
Of course, if the “web app” links to an external website, it might be opened in the same instance. To address this, it might be possible to create a custom extension to whitelist domains for a profile, intercept links and open those links in a general browsing profile or in their own configured profile.
At a higher level, we could create an “app store” where people can share their mobile website profile settings (homescreen logo, allowed domains, proxy settings, etc.)