Currently I am setting up Facebook API login. The key hash for android is fine if it does not match the one on developer page setting then Facebook will reject your request and say that there are invalid key hash or something like this; however when using web browser to sign-in through my debug apk (even though I don't have signed any key), everything works successfully without an issue. So what's the point of setting key hash?