I think that @SkewedZeppelin is addressing the Kernel issues as well, so the results of the paper might be no surprise to those dealing with this on a daily basis and across devices
more often are modified so much that they need to instead have patches manually tweaked (backported) to work. Google, Qualcomm, and other manufacturers do actually do this work but they still need to be manually applied by device maintainers.
The kernel also sports many built-in security features, that most devices actually have disabled!
and created tools to circumvent this (at least partially) in DivestOS