I think this kind of things (granting permissions) should be done by the Browser, not the application. If some technology can be abused (like using the microphone or the web-cam, and apparently, WebRTC) then the browser should ask if this is OK, not the web-application.