Everyone here talks about Apple's "30% cut" (which of course is nowhere near what Apple actually gets, as people don't take into account costs for the high transaction costs on these small purchases), but as someone who runs an App Store (and who has had to on numerous occasions here on Hacker News dispel the weirdly-pervasive myth that Apple makes meaningful money from their App Store, something trivially disprovable using Apple's earning statements), I will assert the difference is more to do with license transfer and fraud mitigation, two things users and developers alike often fail to realize are either hard or even necessary until after it is too late.
In-App purchases are tied to your Apple ID and can be recovered and reactivated by a receipt API on other devices you are logged in to: Apple wants you to use their API for this purpose to guarantee that buying new devices will not lead to the user having lost a ton of money in their software investments. Some developers in the Cydia ecosystem sell things themselves, and they have either draconian or broken device license transfer restrictions. Users still complain to me, even though I had nothing to do with their payment. For Apple, the issue is even worse, as it could keep a user from buying a new device (where Apple actually makes money: anything that stands in the way of this Apple will not tolerate).
Physical goods are also very easy to build fraud contros for, due to the requirement of a physical shipping address; the same is not true of digital goods: Apple has spent a long time building out fraud management for their digital goods sales, and I doubt they want the Apple Pay platform to suddenly be inundated with tons of "app developers" (a class of developer Apple clearly doesn't trust very much) to make people start to think Apple's app ecosystem is a massive source of credit fraud. Apple also likes separating user data from developers: you don't know your customers, only Apple does; for a physical good, that is obviously an impossible separation to maintain, but for digital goods I think they would rather continue to have all purchases gated through them so that all developers see are anonymized identifiers.
Hey, I didn’t want to suggest it’s about squeezing money. You are certainly correct, Apple is much more directly involved with in-app purchases, so they also take much more ownership and responsibility for it. (Though I would also argue that this has a lot to do with the status quo. In-app purchases were quite new and there were no expectations about how to deal with them and who gets what. Credit card transactions are old and established and to get in on them you have to be competitive when it comes to fees and at least as convenient.)
In-App purchases are tied to your Apple ID and can be recovered and reactivated by a receipt API on other devices you are logged in to: Apple wants you to use their API for this purpose to guarantee that buying new devices will not lead to the user having lost a ton of money in their software investments. Some developers in the Cydia ecosystem sell things themselves, and they have either draconian or broken device license transfer restrictions. Users still complain to me, even though I had nothing to do with their payment. For Apple, the issue is even worse, as it could keep a user from buying a new device (where Apple actually makes money: anything that stands in the way of this Apple will not tolerate).
Physical goods are also very easy to build fraud contros for, due to the requirement of a physical shipping address; the same is not true of digital goods: Apple has spent a long time building out fraud management for their digital goods sales, and I doubt they want the Apple Pay platform to suddenly be inundated with tons of "app developers" (a class of developer Apple clearly doesn't trust very much) to make people start to think Apple's app ecosystem is a massive source of credit fraud. Apple also likes separating user data from developers: you don't know your customers, only Apple does; for a physical good, that is obviously an impossible separation to maintain, but for digital goods I think they would rather continue to have all purchases gated through them so that all developers see are anonymized identifiers.