Assume that you build a native android app which uses Facebook login. For that first you have to build a Facebook app and configure Package Name, Class Name, Key Hashes of your android app. I assume the authenticity of app is validated through this Key hash. but the problem is after we configure this key in Facebook app, we never configure it in our mobile app or send it to Facebook when we make API calls. So how does the Facebook validates that this is the original app which is making the API call?