I do believe this should go in another section but I'll give you my understanding of the issue anyway.

As far as I remember there are very few (if any) keyloggers for iOS in the wild. The primary risks come from Android due to the way that the OS was designed.

For example, iOS "sandboxes" or isolates a lot of their apps from each other. This makes it substantially harder for potential hackers to make their malware operate between apps. This does not apply to jailbroken iPhones, however, and they are at risk of getting Malware. I'm not sure about the technical details, unfortunately.

Now Android, on the other hand, doesn't have this sandboxing as consistently as iOS due to the variety of flavors of Android that exist and are used by manufacturers. This makes it easier for people to potentially exploit common code in the OS and add a keylogger. How I don't know, because I'm not an Android dev.

As for affiliate links, if they're from the website itself you can't really get a keylogger unless the website itself is malicious as far as I know. Don't click on shortened URLs in a vulnerable environment and make use of virtual machines if you absolutely want to access a website but are still concerned.

Take my word with a grain of salt, though, because I am not a computer scientist and I do not do dev work on mobile devices right now. My answer may change in the future as I'm currently doing some courses related to this topic.