On a different note, I am not sure where the software gets the bitcoin app from. It must communicate with Ledger's servers and get it from there I would believe. If not, what's the source and who has checked it...
I briefly looked at the code a long time ago, not trying to analyse it fully as I'm not going to get or use any Ledger hardware crap. No Rust expert, either.
The software talks to some Ledger API that Ledger Live also uses to perform some basic functionality around the Ledger Bitcoin app fetched from Ledger's servers. And as written on the Github repo it's merely a PoC which indeed hasn't been refined substantially.
The Ledger API is mentioned in code's comment and easy to spot in the code here and there, see
https://github.com/darosior/ledger_installer/blob/master/ledger_manager/src/lib.rsSome URLs taken from above link to code:
https://manager.api.live.ledger.com/api
https://manager.api.live.ledger.com/api/v2
wss://scriptrunner.api.live.ledger.com/update
It can't yet install/upgrade/downgrade Ledger hardware firmware. At least you can check if your Ledger crap is genuine and you can install, update and open the Bitcoin app on your Ledger Nano, if you dare to control any Bitcoins with a Ledger.