Hello, my two cents:
The first time the user logs in, his/her default app is determined and stored in the users own user-prefs, SPLUNK_HOME/etc/users//user-prefs/local/user-prefs.conf.
Yes. That is correct per user-prefs.conf.
A LDAP user has an empty default app (something else may be defined in SPLUNK_HOME/etc/apps/local/user-prefs.conf , but only one for all users), so a default app from the assigned roles is taken.
This may be right, I am partially confident on this. Yet to test.
A local user gets the launcher as default app upon first login.
That is right. Per user-prefs.conf, Splunk defaults the app name to 'launcher' via the default authorize.conf.
If more than one assigned role defines a default app, to outcome seems to be undefined.
This is explained below by @kmorris_splunk
If the user has no permission on the app defined in the user.prefs, a page with the list of all available apps to which the user has access will be displayed.
That is correct. You can find some info here.
A user may change the own default app in the preferences any time.
Yes.
Additionally, this link has some good information about configuring default app by role. HTH!
... View more