Changes

And just like website data is sandboxed per app, so are permission grants. If App A loads a page from http://maps.google.com and that page requests to use geolocation and the user says "yes, and remember this decision for all times", this only means that http://maps.google.com has access to geolocation withing within App A. If App B then opens http://maps.google.com, that page won't have access to geolocation unless the user grants that permission again.

And just like in the normal browser, permissions are separated by origin. This means that if App A is granted permission to use Geolocation, this does not mean that all origins running in App A has have the permission to use Geolocation. If App A opens an <iframe> to http://maps.google.com, that website then http://maps.google.com still has to ask the user for permission before geolocation access is granted.