According to AVAST, that data was sent to a URL controlled by Georgi Tanmazov, the CEO of Incorporate Apps, and the developer of Walk and Text, as well as other Android apps.

"It was very obvious that the information went to his URL," said Vincent Steckler, the CEO of AVAST in an interview Friday. "Was there something receiving the information? [Tanmazov] said there was not. But from what we could see, yes, there was something there receiving the information."

Tanmazov flatly denied that he created the malicious version of Walk and Text.

"AVAST has indeed claimed there is a link to our servers, but there was no such file on our servers, and logs could probably prove this," said Tanmazov in an e-mail interview, also on Friday. "There is also no personal information being saved on our servers and this could also easily be proven."

Steckler said that he has yet to see that proof, and called on Tanmazov to share his server logs.