You are correct about the differences between the native app and the web app. The two you mentioned plus lack of logging feature. The latter is being implemented into firmware and will soon be parsable by the mobile app.
The native app needs only port 8080. This is the port to the OSPi/OSBo setup.
The web app needs only port 80. This is the port to Apache or other webserver serving the web app. It will connect locally (127.0.0.1:8080) to the OSPi/OSBo.
Update: Also, make you the config.php in the web app doesn’t have force_ssl (unless you want it then you open port 443 instead). SSL is the preferred method when possible.