That's a great approach - specifically reassuring the user that you're not going to do anything malicious with their contacts. 95% of the time, if an app requests access to my contacts, I will deny it fearing that it's going to spam them text messages like "Dav- is using ShittyFooBarApp – Click here to join them! http://spammy.co/ad9s8hu".