First of all, Thanks guys for all your valuable input on this issue. I have been doing something similar to what KiatoGS has described but instead of directing them to a phishing page for one website, I have been redirecting them to a spoofed "Android Security Update" page where my server of AndroRat is downloaded. I have it set up in mobile format and if a standard browser opens it, they will be redirected to Google. I have been quiet successful doing this and haven't even crypted my server. I guess most people think they don't need an AV on their phone.. As far as the Metasploit/Armitage attack goes.. I attempted this and it was just too much of a hassle. I would rather have something I can automate. BUT my pineapple is acting up again, have to see about getting a replacement be for any more research can be done.. :(