for the address you only need the public keys and script - you can store those on the PC
for the redeeming transaction you need the signature, public key and script
you need the private key to make a signature
so:
PC creates <sig1> using key1
phone creates <sig2> using key2
phone sends <sig2> (not the key) to PC
the sig is valid only for this transaction, and it must belong to the public key in the address, this will end up being in the transaction anyway, so there are no "secrets" transmitted over the internet
PC puts everything together and creates a redeeming transaction
Ok that explains it, thanks!