Are you talking about web apps, mobile apps, desktop apps, or browser extensions?
All of them.
I think webapps already have to ask for permission for USB and bluetooth.
Desktop apps on Windows and Linux are generally able to do anything. Read any file, etc. Locking them down with a permission system would be a big change.