Hi Danielle,
The article that you are referring to limits access to the data via the rest endpoint (service layer) and not the item (sharing). When you follow the steps in the article above, only the specified app can send requests and draw the layer as the layer is set up to only interact this the client specified in the referrer url.
Sharing and viewing group content is a different way of controlling accessibility where it controls specifically which users can see what. Items published to ArcGIS Online are stored as an item, that refers to a service, web map, application, etc. When you share that item with a group, organization, public, this controls who can see and interact with the item. If you restrict which apps can access the rest endpoint as mentioned in the article above, this is an additional security restriction in addition to item sharing and does not control the item sharing.
If you are looking to create a gallery where users can only see the application, I would suggest creating two groups for the time being. 1 group for display (only contains the application). Set this up to be the group that is featured in your gallery. Create another group to handle permissions. in this group you will need to have the app, web map and feature layers, and share them with the users that need access.
Here is a helpful links on sharing:
Share items—ArcGIS Online Help | ArcGIS
There is also an idea that we are currently considering for a future release of the software that you should promote if this sounds like functionality that you are looking for:
Allows Group owners to set a default type(s) of items (maps, apps, etc) that are visible to group en...