What are the details or rules governing what will work here? Does it have to do with certificates/provisioning profile or just the bundle id?
If for example I have a user who has an issue with app downloaded from the App Store and I want to examine their app bundle, can I attach their iOS device to a Mac with XCode, compile the app overtop the app store version, and then download the bundle from the Device Manager?
You can do what you want, but both the AppStore and replacement app must have the same bundle ID and be signed with certificates from the same developer account.