7

I have accomplished developing an android app that uses the facebook sdk to integrate with Facebook. I have no issue or problem to solve at this point with the app as it is functional and runs nicely - but with that said I believe that even though the app is running, I still don't fully understand what's the android key hash.

1) I understand the facebook sdk supplies the developer with a unique app id to know to whom their "talking" with so they'll also have control on who's who and such, but what do they gain out of having your android key hash?

2) I understand that my emulator on the development PC has a key hash (which i got), and both Samsung Galaxy S1 and S2 (which both have the same key hash) have a different one, and now I've passed the apk to another user which has a different key hash (and a different phone brand and android version). So - if I publish my app on Google Play one day, will i be needing to update facebook/developers of all the possible hash keys?

3) Is the hash key unique and constant to a model or a platform/android version, or can i generate a key hash from my app so i can add just that and make all the same app that's running from different phones use the same one?

4)again in general - i don't understand whats the key hash, who generates it, and most importantly why - what's the use of the key hash, and what good is it for facebook?

I've tried to search for it, but in here i've found just questions about the steps of knowing whats the emulator key hash or directions on what to do with Facebook/developers on Google. I'm sure there's documentation that covers this, couldn't find it.

Thanks!

Dhruv
  • 1,862
  • 3
  • 20
  • 38
user1555863
  • 2,567
  • 6
  • 35
  • 50

2 Answers2

19

1) I understand the facebook sdk supplies the developer with a unique app id to know to whom their "talking" with so they'll also have control on who's who and such, but what do they gain out of having your android key hash?

It's for an additional layer of security to verify the identity of the application as you can see in the documentation.

2) I understand that my emulator on the development PC has a key hash (which i got), and both Samsung Galaxy S1 and S2 (which both have the same key hash) have a different one, and now I've passed the apk to another user which has a different key hash (and a different phone brand and android version). So - if I publish my app on Google Play one day, will i be needing to update facebook/developers of all the possible hash keys?

Key hash is based on the computer you use to build the APK, it is not dependent on what phone it is run on. So, if you only work on your app from one development machine then there is only one key hash you have to worry about for your app. Currently, you are using an android debug key when you are still developing your app, when you want to publish to Google Play, Google requires you to sign the APK with your own key, and not the android debug key. When you create your own key to sign your APK, you need to also copy and paste the key hash of your own key in the app settings on Facebook.

3) Is the hash key unique and constant to a model or a platform/android version, or can i generate a key hash from my app so i can add just that and make all the same app that's running from different phones use the same one?

Like I said above, key hash is not associated with which platform/device it is run on, a key hash is associated with which machine you build your APK on. So for testing purposes, you find the key hash of the android debug key and paste it in the app settings, and all phones that run that APK build will work. In short, hash key => development PC, NOT hash key ==> phone

4)again in general - i don't understand whats the key hash, who generates it, and most importantly why - what's the use of the key hash, and what good is it for facebook? I've tried to search for it, but in here i've found just questions about the steps of knowing whats the emulator key hash or directions on what to do with Facebook/developers on Google. I'm sure there's documentation that covers this, couldn't find it. Thanks!

Key hash is a hash of the key that is used to sign an APK when you compile your app. Eclipse automatically does this for you with the android debug key, but when you upload to Google Play you need to create your own key. It's good for you and for Facebook because it is an additional layer of security to make sure that the app calling the API on your behalf is actually your app.

Jesse Chen
  • 4,928
  • 1
  • 20
  • 20
  • thank you very much for your informative answer. the only thing that doesn't fit here with what you say (which i believe that is true) is the fact that i've put in onFacebookError method a toast with e.getMsg() as the string to display, and on different phone brands i get a different message telling me that i need to add a different hash to the app settings page on facebook. this is the same app that i've built with the dev PC, but for a fact the facebook api indicates that the app from the device is trying to operate with a different hash. how so? – user1555863 Sep 06 '12 at 21:30
  • after adding the hash key quoted in the message of e.getMsg (e is a parameter of onFacebookError) the app works. but it does not work with the first hash used for the emulator, that i got with openssh – user1555863 Sep 06 '12 at 21:32
  • 1
    You'll want to make sure that you entered the correct hash by following the instructions on our documentation, making sure that the command prompted you for the password, which is "android". If it doesn't ask for one, then the hash key is incorrect. Also, depending on the PC, sometimes the key can change and if so, the hash changes and you'll have to just accommodate for that. This is not a concern, though, when you finally sign the app with your own key. – Jesse Chen Sep 06 '12 at 23:42
  • Hi, I along with my friend are developing a App which has login with Facebook.We both generated our own key hash and gave it while generating the keyhash. The problem is I can sign in through Facebook but my friend cannot.What may be the problem ? – AndroidGeek Aug 30 '13 at 07:53
  • Hi @JesseChen is it possible that hash for debug key (which is generated by sdk in .android folder) on two different machines will be different? If Yes How? why? – Yogesh Dec 29 '15 at 15:04
2

There is a single key with which you signup your application and you will have to associate with your Facebook developer profile, see this. In order for you to test application on various devices before deploying you should use android debug key as explained in Android documentation

peter_budo
  • 1,748
  • 4
  • 26
  • 48
  • i am using the debug key.. but is it possible that there are different debug keys on different phones? when i'll sign the app, it will be the same key for all devices? – user1555863 Sep 06 '12 at 14:01
  • Then something is wrong with your signing process. If you describe steps you use to sign app with debug key we may be able to help you correct it. – peter_budo Sep 06 '12 at 16:16
  • actually i haven't done anything. i read on the docs that if you do not sign the app, the development plug-in signs it for you, so you can be unaware of the whole signing process. i'm using Eclipse – user1555863 Sep 06 '12 at 16:23
  • If what you say is truth you still have problem because facebook specifically ask >Also make sure you are using the correct password - for the debug keystore, use 'android' to generate the keyhash. – peter_budo Sep 06 '12 at 18:42
  • i didn't get your last comment – user1555863 Sep 06 '12 at 21:24
  • As Jesse said it was android you had to use, hence the single quotes in my previous comment – peter_budo Sep 07 '12 at 07:42