Answers to the questionnaire for Generic Sensor API can be found here.
Yes, but not directly. Accelerometer specification requires user permission and implementation of applicable mitigation strategies to address potential risks. For more information, please see: Security and Privacy section.
Yes, but not directly.
Sensor readings are explicitly flagged by the Secure Contexts specification [POWERFUL-FEATURES] as a high-value target for network attackers. Thus all interfaces defined by this specification or extension specifications are only available within a secure context.
Indirectly, accelerometer sensor readings can be used to infer user input.
3.3 Does this specification introduce new state for an origin that persists across browsing sessions?
No.
No.
3.5 Does this specification expose any other data to an origin that it doesn’t currently have access to?
No.
No.
Not directly; However, accelerometer data can be used in combination with other sensors to calculate, things like speed, how many steps were taken, etc., therefore, infer new position of the end user. Accelerometer requires user permission and implementation of applicable mitigation strategies to avoid potential risks.
Yes.
3.9 Does this specification allow an origin access to aspects of a user’s local computing environment?
Yes. If user agent has permission to access accelerometer, the API provides means to check if sensor is available within user’s local computing environment.
No.
No.
No.
No.
Specification does not restrict access to a particular mode, nor work differently. However, this can be revisited when privacy mode would be formally specified.
No.
Yes.
See: Security & Privacy section.
No.