Given that these are mobile phones, a more sensible way of transferring a secret between devices would be to display a QR code on the old device and scan it on the new one. You could even make this secure against local eavesdroppers by encrypting the data in the QR code with a key provided to the devices by the server.