My friend is apprehensive about jailbreaking because he thinks a downloaded jailbreak app/tweak could contain a virus or, more specifically, a keylogger. Is this technically feasible, or is there some sort of intrinsic protection afforded by iOS that carries over even after jailbreaking? And to be specific, I am not talking about SSH vulnerability if one enables it and leaves the root password unchanged. I am talking about the vulnerability of running a non-Apple reviewed/approved app, advertised as benign and useful but secretly containing malware, on a device that has been rooted. For example, say I downloaded f.lux from an unofficial repository that had been coupled with a small keylogger that sends, through some medium, all the passwords and financial information I've typed on my iPhone since installation - is this a practical concern?