Facebook documentation focuses on the point that applications accessing user's data from Facebook should not ask for any permission they are not going to make use of (especially
offline_access). Here's a quote from a Facebook document:
Depending on your application’s needs, you may need additional permissions from the user. A large number of calls do not require any additional permissions, so you should first make sure you need a permission. This is a good idea because this step potentially adds friction to the user’s process. Another point to remember is that this call can be made even after the user has first connected. So you may want to delay asking for permissions until as late as possible.
However, while working on an Android application that uses the Facebook SDK, I couldn't find good documentation on how to do this. Here's what I have been able to come up with by reading the code in sample Facebook applications in the SDK.