I'm working with the Facebook SDK for Android, and I've read almost every piece of documentation I've found about it, but what confuses me is the keyHash. I've heard that it's made for security, and in this slidenerd tutorial Mr Vivek says that it's supposed to be secret, but he didn't remove the code which generated it, and anybody who has that same code could generate the same hash, since it's not a salted hash. I'm a bit confused about it, so please tell me what I'm missing. Thanks in advance.
tl;dr: The key hash does not need to be a secret. It's essentially a signature that allows Facebook to verify your app.
Long version:
When you create your apk, you use a key in your keystore to sign it (debug for dev builds, release for prod builds).
The key hash is a SHA-1 hash of your key, and when you put it in your app settings, Facebook associates this value with your app.
When your app goes to use any SDK features within the Facebook app (SSO, share dialogs, etc.), the Facebook app is able to extract the signature from your app, generate the key hash, and send it to the server. The server will verify that the value sent up is one that's associated with your app. This way, if someone tries to spoof your app, it will fail on the server side since the key hash will be different (as long as they don't have access to your signing keys).
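The check described in the answer above, as an added sketch that is not part of the original answer and not Facebook's code. It assumes the key hash is the Base64 of the SHA-1 digest of the signing certificate bytes; `AppSettings`, `hash_reported_for`, the app id and the certificate byte strings are hypothetical, constructed stand-ins.

```python
import base64
import hashlib
import hmac


def key_hash(cert_der: bytes) -> str:
    # Assumed encoding: Base64 of the SHA-1 digest of the signing certificate.
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


class AppSettings:
    """Hypothetical stand-in for the server-side record of registered hashes."""

    def __init__(self):
        self._registered = {}

    def register(self, app_id: str, hash_value: str) -> None:
        self._registered.setdefault(app_id, set()).add(hash_value)

    def verify(self, app_id: str, presented: str) -> bool:
        known = self._registered.get(app_id, ())
        return any(hmac.compare_digest(presented, h) for h in known)


def hash_reported_for(installed_app: dict) -> str:
    # The trusted client derives the hash from the certificate the OS reports
    # for the installed package; a value the app claims for itself is ignored.
    return key_hash(installed_app["signing_cert"])


# Constructed sample data: byte strings standing in for DER certificates.
RELEASE_CERT = b"constructed-release-certificate"
OTHER_CERT = b"constructed-certificate-from-a-different-key"

SERVER = AppSettings()
SERVER.register("example-app-id", key_hash(RELEASE_CERT))

GENUINE = {"app_id": "example-app-id", "signing_cert": RELEASE_CERT}
# A repackaged copy has to be re-signed with another key, so its certificate
# differs even though it can embed the published hash of the genuine app.
REPACKAGED = {"app_id": "example-app-id", "signing_cert": OTHER_CERT,
              "claimed_hash": key_hash(RELEASE_CERT)}


def check(installed_app: dict) -> bool:
    return SERVER.verify(installed_app["app_id"], hash_reported_for(installed_app))
```

Knowing the registered hash gives the repackaged copy nothing, because the value the server receives is computed from the certificate that actually signed the installed package.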