As far as I know that is the basic_info scope and is included in all requests. Maybe just inform your users before hand that you will only be using the access to their photos?
Have a look on the Facebook developer page here:
https://developers.facebook.com/docs/facebook-login/permissions/#revoking
You could try to revoke the basic_info scope and see if it works. You can only revoke permission after the user has given permission so I think a notice would work better.