diff --git a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewaySession.kt b/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewaySession.kt
index 5550ec00664..b7040d2ae27 100644
--- a/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewaySession.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/android/gateway/GatewaySession.kt
@@ -307,16 +307,18 @@ class GatewaySession(
         val msg = res.error?.message ?: "connect failed"
         val hasStoredToken = !storedToken.isNullOrBlank()
         val canRetryWithShared = hasStoredToken && trimmedToken.isNotBlank()
-        if (hasStoredToken) {
-          deviceAuthStore.clearToken(identity.deviceId, options.role)
-        }
         if (canRetryWithShared) {
           val sharedPayload = buildConnectParams(identity, connectNonce, trimmedToken, password?.trim())
-          res = request("connect", sharedPayload, timeoutMs = 8_000)
-        }
-        if (!res.ok) {
-          val retryMsg = res.error?.message ?: msg
-          throw IllegalStateException(retryMsg)
+          val sharedRes = request("connect", sharedPayload, timeoutMs = 8_000)
+          if (!sharedRes.ok) {
+            val retryMsg = sharedRes.error?.message ?: msg
+            throw IllegalStateException(retryMsg)
+          }
+          // Stored device token was bypassed successfully; clear stale token for future connects.
+          deviceAuthStore.clearToken(identity.deviceId, options.role)
+          res = sharedRes
+        } else {
+          throw IllegalStateException(msg)
         }
       }
       handleConnectSuccess(res, identity.deviceId)