The problem with closed-source software is that independent coders don't have access to your code and can't verify your claims. One side claims that the seed was sent in plain text, you claim it was broadcasted in a HTTPS request. The community can't check and verify for themselves so they have to take your word for it or the word of Cipherblade, or not.

I hardly believe though that someone at Google was searching the records, discovered something that looked like a seed, restored the wallet, and emptied his funds. It is possible in theory, but I don't believe that is what happened.

In the report, it is said that the first transactions into the addresses associated with those where hacked funds were sent received deposits in October 2018, but the Coinomi desktop app that had the vulnerability wasn't released until December 2018. Again, the community has to take your word for it because they can't verify your code and check older versions of the Coinomi desktop client or the mobile apps.

That is still not proof that what he says is true, but there is also no proof when and how many of your apps had the vulnerability.