>Most important thing for me is sandboxing, no abuse of the device's data and sensors. I hate how most native apps invade your privacy.
User abuse is rampant on the Web. For example, those APIs you mention are used to fingerprint machines. If you're genuinely concerned with abuse of privacy, you'd do yourself a huge favor by researching the history and current mechanisms for such abuse by websites and, by extension, PWAs.
I'm well aware of browser fingerprinting, I take my privacy seriously and do my best to protect it.
Both on desktop and mobile I use an array of browser extensions to limit online tracking and fingerprinting. On Android I use Webapps Sandboxed Browser [1] to log in to webapps without leaking the logged in status to other websites.
I feel that with the web I get a fighting chance, while native apps are designed for tracking you.
User abuse is rampant on the Web. For example, those APIs you mention are used to fingerprint machines. If you're genuinely concerned with abuse of privacy, you'd do yourself a huge favor by researching the history and current mechanisms for such abuse by websites and, by extension, PWAs.