androidfacebookandroid-libraryfacebook-sdk-4.0android-facebook

Questions about Development and Release Key Hashes for Facebook SDK for Android


I read the guides in the FB Developer website.

To create a Development Key Hashes

keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64

And to create a Release Key Hashes

keytool -exportcert -alias YOUR_RELEASE_KEY_ALIAS -keystore YOUR_RELEASE_KEY_PATH | openssl sha1 -binary | openssl base64

I have 6 questions:

  1. What do those Key Hashes do?

  2. Why is there a need to create different key hashes for both Release and Development?

  3. If I haven't published my app to the PlayStore yet. Can I use the Release Key instead of using the Development key?

  4. If I my app is live in PlayStore, can I keep using the Development key?

  5. What should I put into YOUR_RELEASE_KEY_ALIAS and YOUR_RELEASE_KEY_PATH? Can anyone provide samples please?

  6. Why is that when we develop for iOS, those key hashes were not required?

Extra question that is unrelated

What does this Single Sign On button do? enter image description here


Solution

  • Q: What do those Key Hashes do?

    Signing Your Applications

    • Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates. The app developer holds the certificate's private key.

    Signing Overview

    • You can sign an app in debug or release mode. You sign your app in debug mode during development and in release mode when you are ready
      to distribute your app. The Android SDK generates a certificate to
      sign apps in debug mode. To sign apps in release mode, you need to
      generate your own certificate. For your further reference you can
      look at what keyhashes are at

    Q: Why is there a need to create different key hashes for both Release and Development?

    As you know android uses different Keystores for both development and release, since the two keystores are different in every aspect, they both have different fingerprints and SHA-1 hashes hence they are treated entirely different.

    Q: If I haven't published my app to the PlayStore yet. Can I use the Release Key instead of using the Development key?

    Yes you can use the release key for APK generation purposes only however if you are in debug mode this key wont work at all.

    Q: If I my app is live in PlayStore, can I keep using the Development key?

    Yes you can keep using development key but you cannot use the debug key.

    Q:What should I put into YOUR_RELEASE_KEY_ALIAS and YOUR_RELEASE_KEY_PATH? Can anyone provide samples please?

    attached is image if you are concerned about facebook keys enter image description here

    Q:Why is that when we develop for iOS, those key hashes were not required?

    That is due to platform requirement. It isn't necessary that if one platform requires one thing the other platform will also.

    Single Sign On

    Single sign-on is roughly an extension of (and replacement for) services like Facebook Connect, connecting you to third-party social apps and services. If you're already logged on to Facebook on your mobile phone, you'll be able to sign in to other apps using your Facebook credentials.

    Here is the code to generate fb fingerprint.

    public void generateFbFingerPrint() {
        try {
            PackageInfo info = getPackageManager().getPackageInfo(
                    "com.group3amd.gc.activity",
                    PackageManager.GET_SIGNATURES);
            for (Signature signature : info.signatures) {
                MessageDigest md = MessageDigest.getInstance("SHA");
                md.update(signature.toByteArray());
                String sign = Base64
                        .encodeToString(md.digest(), Base64.DEFAULT);
                Log.e("KEYHASH:", sign);
                Toast.makeText(getApplicationContext(), sign, Toast.LENGTH_LONG)
                        .show();
            }
        } catch (NameNotFoundException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    
    
    
    
    }