facebook - android hash key

Question

I have accomplished developing an android app that uses the facebook sdk to integrate with Facebook. I have no issue or problem to solve at this point with the app as it is functional and runs nicely - but with that said I believe that even though the app is running, I still don't fully understand what's the android key hash.

1) I understand the facebook sdk supplies the developer with a unique app id to know to whom their "talking" with so they'll also have control on who's who and such, but what do they gain out of having your android key hash?

2) I understand that my emulator on the development PC has a key hash (which i got), and both Samsung Galaxy S1 and S2 (which both have the same key hash) have a different one, and now I've passed the apk to another user which has a different key hash (and a different phone brand and android version). So - if I publish my app on Google Play one day, will i be needing to update facebook/developers of all the possible hash keys?

3) Is the hash key unique and constant to a model or a platform/android version, or can i generate a key hash from my app so i can add just that and make all the same app that's running from different phones use the same one?

4)again in general - i don't understand whats the key hash, who generates it, and most importantly why - what's the use of the key hash, and what good is it for facebook?

I've tried to search for it, but in here i've found just questions about the steps of knowing whats the emulator key hash or directions on what to do with Facebook/developers on Google. I'm sure there's documentation that covers this, couldn't find it.

Thanks!

Answer 1

1) I understand the facebook sdk supplies the developer with a unique app id to know to whom their "talking" with so they'll also have control on who's who and such, but what do they gain out of having your android key hash?

It's for an additional layer of security to verify the identity of the application as you can see in the documentation.

2) I understand that my emulator on the development PC has a key hash (which i got), and both Samsung Galaxy S1 and S2 (which both have the same key hash) have a different one, and now I've passed the apk to another user which has a different key hash (and a different phone brand and android version). So - if I publish my app on Google Play one day, will i be needing to update facebook/developers of all the possible hash keys?

Key hash is based on the computer you use to build the APK, it is not dependent on what phone it is run on. So, if you only work on your app from one development machine then there is only one key hash you have to worry about for your app. Currently, you are using an android debug key when you are still developing your app, when you want to publish to Google Play, Google requires you to sign the APK with your own key, and not the android debug key. When you create your own key to sign your APK, you need to also copy and paste the key hash of your own key in the app settings on Facebook.

3) Is the hash key unique and constant to a model or a platform/android version, or can i generate a key hash from my app so i can add just that and make all the same app that's running from different phones use the same one?

Like I said above, key hash is not associated with which platform/device it is run on, a key hash is associated with which machine you build your APK on. So for testing purposes, you find the key hash of the android debug key and paste it in the app settings, and all phones that run that APK build will work. In short, hash key => development PC, NOT hash key ==> phone

4)again in general - i don't understand whats the key hash, who generates it, and most importantly why - what's the use of the key hash, and what good is it for facebook? I've tried to search for it, but in here i've found just questions about the steps of knowing whats the emulator key hash or directions on what to do with Facebook/developers on Google. I'm sure there's documentation that covers this, couldn't find it. Thanks!

Key hash is a hash of the key that is used to sign an APK when you compile your app. Eclipse automatically does this for you with the android debug key, but when you upload to Google Play you need to create your own key. It's good for you and for Facebook because it is an additional layer of security to make sure that the app calling the API on your behalf is actually your app.