We temporarily track with IP addresses. When someone goes to the landing page, we temporarily record the IP address and where the traffic came from, and then if they actually run the installer within a few days, we link up the install with the source of the traffic.
Edit: The installer checks our server to make sure it has the most recent version, and that's where we compare IP's.
If you can store the AdWords click ID on the server with the IP, you might be able to use your matcher to record the install as a conversion. AdWords should start optimising for installs vs downloads. But if you can carry over to some kind of in app purchase, I’d do that too, using avg value of an install as the install value and then any of the in app purchase values as the conversion values.
Think we filed a patent but it's possible to do this server side to inject a string into a payload area without affecting the integrity of the binary (can't recall how we did it but search patent search for my name at Google)
Regarding GDPR, shouldn't it be opt-in without forcing them to agree, clearly presented to the user and not hidden behind checking for updates to be compliant?
e.g. each install contains a unique slug, when the installer is opened you use the unique slug to know where it is coming from?