PWAs are only able to be limited by technical measures, not business measures. For instance, anti-fingerprinting logic wouldn’t be needed in an App Store. There, Apple can say if they find out you are fingerprinting users without going through Apple’s specific ATT user consent process, you are in violation of our developer agreement and may be permanently banned from the store.
Each update of an app is reviewed, while a website can change completely at any moment (or have different versions served for different people). This is why for instance web extensions are heavily reviewed and audited.
This means they are pretty fundamentally different models.
The prompt for location is different for example because Apple enforces you are using the location information you gather for a specified reason, and has the aforementioned business penalties for misuse, and has tied all that to a real world identity. The browser can’t know if the page asking for location data is for mapping, for marketing tracking, or so that someone can drive to your home. The two features are going to look and behave distinctly.
Each update of an app is reviewed, while a website can change completely at any moment (or have different versions served for different people). This is why for instance web extensions are heavily reviewed and audited.
This means they are pretty fundamentally different models.
The prompt for location is different for example because Apple enforces you are using the location information you gather for a specified reason, and has the aforementioned business penalties for misuse, and has tied all that to a real world identity. The browser can’t know if the page asking for location data is for mapping, for marketing tracking, or so that someone can drive to your home. The two features are going to look and behave distinctly.