(no title)

Well, the layers beneath it are AOSP and free software. The situation is certainly not great, with source drops, nonfree firmware blobs, etc. But it is relatively easy to grab an AOSP source-tree for your device, make some changes, rebuild the OS and install this to your phone, given an unlocked/unlockable bootloader. In my opinion this is a highly desirable property of any system I'm using. It also enables things like GrapheneOS and CalyxOS which are Android distributions which focus explicitly on security and privacy.

> Can the Exposure Notification Framework be trusted less than the rest of Android?

ENF is part of Google Play Services and thus proprietary software. It is also a hugely scary and absolutely giant bundle of software you need to keep running in it's entirety, you cannot use just the ENF part. Play services can remotely update any software on your phone, they have also been known to "accidentally" not respect users (location)-tracking opt-out choices. So while I personally don't consider googles ENF implementation problematic (from their docs, the sources are ofc not available) the rest of play services most certainly is.

> Or does this support more hardware?

Apart from the already mentioned gapps free ROMS it supports modern Huawei phones (which also come without gapps). Making it work on Android 5 will probably happen (Google ENF supports Android 6+ afaik)