diff --git a/lib/actions/user-actions.js b/lib/actions/user-actions.js
--- a/lib/actions/user-actions.js
+++ b/lib/actions/user-actions.js
@@ -3,6 +3,7 @@
 import invariant from 'invariant';
 import * as React from 'react';
 
+import { useBroadcastDeviceListUpdates } from '../hooks/peer-list-hooks.js';
 import type {
   CallSingleKeyserverEndpoint,
   CallSingleKeyserverEndpointOptions,
@@ -15,6 +16,7 @@
 import { useKeyserverCall } from '../keyserver-conn/keyserver-call.js';
 import type { CallKeyserverEndpoint } from '../keyserver-conn/keyserver-conn-types.js';
 import { usePreRequestUserState } from '../selectors/account-selectors.js';
+import { getForeignPeerDevices } from '../selectors/user-selectors.js';
 import {
   getOneTimeKeyValuesFromBlob,
   getPrekeyValueFromBlob,
@@ -52,7 +54,7 @@
 import type {
   Identities,
   IdentityAuthResult,
-} from '../types/identity-service-types';
+} from '../types/identity-service-types.js';
 import type {
   RawMessageInfo,
   MessageTruncationStatuses,
@@ -251,8 +253,21 @@
 });
 
 function usePrimaryDeviceLogOut(): () => Promise<LogOutResult> {
+  const broadcastDeviceListUpdates = useBroadcastDeviceListUpdates();
+  const foreignPeerDevices = useSelector(getForeignPeerDevices);
+
   const logOut = useLogOut(primaryDeviceLogOutOptions);
-  return logOut;
+  return React.useCallback(async () => {
+    // - logOut() performs device list update by calling Identity RPC
+    // - broadcastDeviceListUpdates asks peers to download it from identity
+    // so we need to call them in this order to make sure peers have latest
+    // device list.
+    // We're relying on Tunnelbroker session stil existing after calling logout
+    // and auth metadata not yet cleared at this point.
+    const logOutResult = await logOut();
+    await broadcastDeviceListUpdates(foreignPeerDevices);
+    return logOutResult;
+  }, [broadcastDeviceListUpdates, foreignPeerDevices, logOut]);
 }
 
 const secondaryDeviceLogOutOptions = Object.freeze({