They do ask for location data, and it tends to mostly work - sites like openstreetmap will ask for it when you press the right button for example, which makes sense.
There is a risk that it ends up like cookie banners, and the adtech industry manages to brainwash the world into thinking that the government is the bad guy and they just want some harmless data to share with their 1,345 best friends and they are “forced” to show these. Despite there being no requirement at all to track data, and they break the law with it anyway so why bother.
This is a poorly explored avenue. I think a lot of these more advanced APIs ought to be permitted to "installed" PWAs. Maybe it could even look like permissions menu for apps in phone OSes.
I was a bit dismayed when mozillians in the bugtracker dismissed the idea of requiring consent to initialize WebRTC. F'k it, scan the local network.
There is a risk that it ends up like cookie banners, and the adtech industry manages to brainwash the world into thinking that the government is the bad guy and they just want some harmless data to share with their 1,345 best friends and they are “forced” to show these. Despite there being no requirement at all to track data, and they break the law with it anyway so why bother.