diff --git a/lib/hooks/qr-auth.js b/lib/hooks/qr-auth.js
--- a/lib/hooks/qr-auth.js
+++ b/lib/hooks/qr-auth.js
@@ -71,6 +71,7 @@
     void (async () => {
       const message = await composeMessage(aesKey, {
         type: qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS,
+        requestBackupKeys: true,
       });
       await sendMessage({
         deviceID: primaryDeviceID,
diff --git a/lib/types/tunnelbroker/qr-code-auth-message-types.js b/lib/types/tunnelbroker/qr-code-auth-message-types.js
--- a/lib/types/tunnelbroker/qr-code-auth-message-types.js
+++ b/lib/types/tunnelbroker/qr-code-auth-message-types.js
@@ -25,10 +25,12 @@
 
 export type SecondaryDeviceRegistrationSuccess = {
   +type: 'SecondaryDeviceRegistrationSuccess',
+  +requestBackupKeys: boolean,
 };
 export const secondaryDeviceRegistrationSuccessValidator: TInterface<SecondaryDeviceRegistrationSuccess> =
   tShape<SecondaryDeviceRegistrationSuccess>({
     type: tString(qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS),
+    requestBackupKeys: t.Boolean,
   });
 
 export type BackupDataKeyMessage = {
diff --git a/native/profile/secondary-device-qr-code-scanner.react.js b/native/profile/secondary-device-qr-code-scanner.react.js
--- a/native/profile/secondary-device-qr-code-scanner.react.js
+++ b/native/profile/secondary-device-qr-code-scanner.react.js
@@ -116,33 +116,36 @@
         innerMessage,
       );
       if (
-        payload?.type !==
-        qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS
+        !payload ||
+        payload.type !==
+          qrCodeAuthMessageTypes.SECONDARY_DEVICE_REGISTRATION_SUCCESS
       ) {
         return;
       }
 
       void broadcastDeviceListUpdate();
 
-      const backupSecret = await getBackupSecret();
-      const backupKeysResponse =
-        await commCoreModule.retrieveBackupKeys(backupSecret);
-      const backupKeys = assertWithValidator<BackupKeys>(
-        JSON.parse(backupKeysResponse),
-        backupKeysValidator,
-      );
+      if (payload.requestBackupKeys) {
+        const backupSecret = await getBackupSecret();
+        const backupKeysResponse =
+          await commCoreModule.retrieveBackupKeys(backupSecret);
+        const backupKeys = assertWithValidator<BackupKeys>(
+          JSON.parse(backupKeysResponse),
+          backupKeysValidator,
+        );
 
-      const backupKeyMessage = await composeTunnelbrokerQRAuthMessage(
-        encryptionKey,
-        {
-          type: qrCodeAuthMessageTypes.BACKUP_DATA_KEY_MESSAGE,
-          ...backupKeys,
-        },
-      );
-      await tunnelbrokerContext.sendMessage({
-        deviceID: targetDeviceID,
-        payload: JSON.stringify(backupKeyMessage),
-      });
+        const backupKeyMessage = await composeTunnelbrokerQRAuthMessage(
+          encryptionKey,
+          {
+            type: qrCodeAuthMessageTypes.BACKUP_DATA_KEY_MESSAGE,
+            ...backupKeys,
+          },
+        );
+        await tunnelbrokerContext.sendMessage({
+          deviceID: targetDeviceID,
+          payload: JSON.stringify(backupKeyMessage),
+        });
+      }
 
       Alert.alert('Device added', 'Device registered successfully', [
         { text: 'OK' },