My impression is that this set of APIs will only be available where a device administrator has set up the same sort of device configuration that would allow them to run a native application at startup. Is that right Anqing? If this is enabled one origin at a time, and it's more scary to enable this for an origin than it is to install a native app, the overall idea seems ok to me. It also doesn't look like this gives access to the device's geolocation: the navigator.device.getAnnotatedLocation() function says it returns the "the administrator-annotated location", so probably just a direct copy from a string in the enterprise policy?
Anqing, it might be helpful if https://github.com/Ananubis/WebApiDevice/blob/master/Explainer.md
showed rough screenshots of an end-to-end UI flow that a device administrator or owner could use to turn this on for an origin and set the values that it returns. We wouldn't want the eventual spec to _require_ any particular UI flow, but it'd be good to have it show examples of what we think is safe-enough.
It would probably also be good to be more precise than just "Device Web API" for describing this set of APIs. There's already a "Devices and Sensors" working group at the W3C (https://www.w3.org/das/
) that covers a broader range of things. Might this be an "Enterprise Policy API"?