[not1ofU]

As I mentioned above, the SOC team can detect the exact process ID for these app really easily. No plausible deniability.

[CameronNemo]

What do you mean by process ID? A PID seems like a useless bit of information. Now an app bundle or process executable checksum... Seems more useful. But couldn't you build the app from source and add a but of random data into the executable?