Yes, the uploading of information (whole files, piece of them, hashes of them, file names, URLs, hostnames, whatever) is the key concern I was referring to.
How they would manage or public this information is the key. ALL information is taken annonimously.
One one hand I agree with you that how avast actually manages such information is key. On the other hand, I must be honest with myself and admit that I will never know enough about avast corporation, its employees, its relationships with government agencies, etc to be able to assess how they really handle the information they receive. Not even just once, let alone on an ongoing basis. That concept applies almost universally and to every single entity that develops the software I use (I'm not singling out avast at all). I have assisted in the investigation of security breaches and like events, and know that many are not appropriately reported. So I can't assume that I'll learn of something important even though I really do make an effort to keep up with such topics. Lastly, and as a fairly well rounded SW Engineer, I spent a great deal of time researching, discussing, and thinking through the myriad of ways in which information can be correlated with other information. I arrived at a conclusion and philosophy quite some time ago: that any packets (and the information contained within) that leave my network with one of my public IP Addresses are not anonymous in any meaningful reliable sense. So even if absolutely nothing was transmitted to avast servers except my (non-static, but still somewhat sticky) IP Address and the hash of a file, I would not consider that to be "anonymous". Theoretically speaking, avast server's might not even log/use the IP Address for anything but because I can never know if that is true I think it best not to assume it.
Some are in the binary "you either trust or don't trust XYZ" camp. I'd say I'm in the "it isn't about trusting, it's about eliminating where possible the need to trust" camp. By that I mean I endeavor to keep my software set to a minimum and also (not|un)install, block, limit, etc specific components and features that might transmit sensitive information so that I don't have to trust other parties to handle the information in accordance with my preferences.