Non-silent push notifications do not work for a non-developer device with iOS 10.0. There are no problems with certificates or profiles, also APNS does not respond with "Bad error" any other error so it seems that the token is valid (I've tried to send notifications from the server and from local tool named Pusher and results were the same).

When I plug the device to a Mac and see Console logs I can see following lines:

default 15:43:26.138766 +0300   apsd    2017-07-12 15:43:26 +0300 apsd[86]: isAppSpecificTokenValid? <cf0d4bad 846685a1 0b0e4e34 0e1ad03e 74c00df2 295a23e3 7586f94c 78c46284> found cached token NO
default 15:43:26.139477 +0300   apsd    2017-07-12 15:43:26 +0300 apsd[86]: Received incoming push notification for topic: <my.app.id> but for a completely unknown token <cf0d4bad 846685a1 0b0e4e34 0e1ad03e 74c00df2 295a23e3 7586f94c 78c46284>
default 15:43:26.140523 +0300   apsd    2017-07-12 15:43:26 +0300 apsd[86]: <APSCourier: 0x1004109c0>: Responding with REMOVED status for message received with topic: '<my.app.id>' to device token (instead of per-app token)

I can't figure out the steps to reproduce this bug, but it may be related to the installing the AppStore version over the TestFlight version.

but it may be related to the installing the AppStore version over the TestFlight version.

For this to be an issue, it sounds like you aren't doing the registerForRemoteNotifications every time the app launches. You should be doing this call every time (and possibly updating it on your backend) because there is a chance that it can change, and there is also the chance that the user has changed permissions on your application when it wasn't running.