If you'd like to know how Ledger Live works architecturally, it's good to take a look at satstack (where you stop querying Ledger for addresses entirely and use your own node): https://github.com/LedgerHQ/satstack

As you can see; the flow is:

Signing Device -> xpub to Ledger Live (local, never shared) -> Query n+x Addresses (external).

Essentially this image but replace satstack by Ledger's own explorer by default:

https://github.com/LedgerHQ/satstack/raw/master/share/architecture.svg