There's two flaws here. 1: When your device is encrypted on KitKat and below, you must enter the decryption password to boot. So no remote access unless the device is already running (which it probably is, but still). I don't know if Lollipop and above are different since I keep encryption off in favor of speed. 2. You can install all the apps you want remotely, but they must be launched by the user at least once before they can start running any background processes. There was an exploit in Android 2.1 and below that allowed an app to run immediately, and there was a "locate my phone" tool that exploited exactly this so you could install it remotely AFTER losing your phone, but it no longer works.
You are in the hall of the mountain king.