OK, here is a thought. You can set up EvilAP on a Pineapple and get all the lootz on the people that have WiFi enabled and autoconnect set up (most people). But what about people like us, the ones that are smart enough to turn off WiFi, not autoconnect to networks, etc.? Why not attack 3-4G!
Think about this. You can pick up a mobile cell repeater to help with low cellular signal strength at home, but why not hack it so that "anyone" can connect to the mobile tower, rather than the small list of users in your home? Then, as you walk into a location, you can automagically pick up all communications (as you will now be the local tower). Then, if you have the connections, you can send the data through from the cell AP to the Pineapple to hit the fake portals to reap more lootz before passing them on to the internet connection on the Pineapple.
My guess would be that you'd have to find some way of accepting the connection with the AP as either unencrypted or break that encryption between AP and Pineapple, then re-encrypt on the back end, or would you? The pwned cell data user would probably not see any difference provided that they are connecting via HTTPS to the website of their choice, and of course, the APs are branded, so you will only get 1 vendor at a time/roamers (but they are few now). But think of the Pwnage!!!
PS> As a (mostly) WhiteHat, this is of course for testing purposes only, if anyone can figure out the way to do it...
Bob