Ledger Live is completely open source.
https://github.com/LedgerHQ/ledger-live
You can build it yourself.
People shit on Ledger (rightfully) for closed-source device firmware (the OS running on the signing device, which has nothing to do with sharing xpubs).
If you'd like to know how Ledger Live works architecturally, it's good to take a look at satstack (where you stop querying Ledger for addresses entirely and use your own node): https://github.com/LedgerHQ/satstack
As you can see; the flow is:
Signing Device -> xpub to Ledger Live (local, never shared) -> Query n+x Addresses (external).
Essentially this image but replace satstack by Ledger's own explorer by default:
https://github.com/LedgerHQ/satstack/raw/master/share/architecture.svg
