PWA permission bypass

Samsung Internet Version: version and later
URLs (if applicable) :
Other browsers tested:
Safari: No issues
Firefox: Same issues
Chrome: Same issues
Edge: Same issues

What steps will reproduce the problem?
(1) Open Opera on an Android device.
(2) Visit the PWA website, which hosts multiple Progressive Web Applications (PWAs) within the same domain.
(3) Download and install multiple PWAs from the website, each associated with different restaurant owners. For example, you can download PWA1:, PWA2:
(4) Click the PWA1 and order delivery food, allow geolocation permission when it prompts
(5) Click on PWA2 on your mobile device to order pickup food. Note that PWA2 does not explicitly request geolocation permission, but it can access geolocation data since it belongs to a different restaurant owner. This allows them to track your geolocation without your explicit consent.

What is the expected result?
Different PWAs with distinct Compute App IDs should isolate their permissions.

What happens instead?
The PWAs do not isolate their permissions, leading to the issue where one PWA can access permissions granted to another PWA within the same domain.

same origin, what did you expect?

Are you sure this is not the intended behavior?
I think it would be best if the issue was reported directly to the Chromium bug tracker since most of the browsers with issues are chromium based.