horde Nice find -- thanks for sharing!
A quick skim of the Arxiv paper referenced by the article seems align with various posts from the GrapheneOS team suggesting MediaTek devices may not be security leaders. The study is also consistent with the Pixel team being reasonably on top of vulnerabilities in chips they ship (e.g., Samsung modems) and quick to issue patches. Since the GrapheneOS team is quick to incorporate and ship those patches, GrapheneOS users seem to be well positioned.
That said, this study seems consistent with the idea that once a device becomes EOL, and firmware support ends, vulnerabilities may start to pile up quickly. And, in particular, vulnerabilities found and patched in newer devices are likely to affect some older devices that won't be patched. Threat actors may plausibly take advantage of the publication of patches for supported devices to learn how to attack EOL devices.
Overall this study seems consistent with the GrapheneOS project's focus on Pixel devices and also the strong statements about the importance of retiring Pixel devices once firmware support ends.